[icedd]

Hi, this is a work project. Please let me know your thoughts on any aspect.

It's hosted on magento.

Mspacanada.ca

Thanks in adv

[josiahmahar]

hmm well a bit off topic but i have never heard of an inflatable hot tub before. anyway i think the setup is good but unless you plan on adding more products i don't see why you have the max results on the page able to go up to 30. my rating 9/10 it is easy to navigate contains a good amount of information about your products and isn't cluttered. like i said before the only thing i noticed was the amount of results that can be displayed is way higher (30 for grid view 25 for list view) than the amount of products you have available (which is 4)

[icedd]

I have never heard of them before working with this client. Seems like a very cool product. He sells quiet a few of them in season.

Nice catch with the sorting feature. I over looked that. I do want to keep the platform expandable, but until we add new/more products I'll look into either disabling sorting or getting rid of the higher numbers.

Thanks for your comments!
Cheers

[modi123_1]

Using thesite review template:

http://mspacanada.ca/

Graphics:

Nav Buttons: They are in a clear area and easy to use.. they are also not shifting and highlight well. (Score: 13/15)

Banner/Header: Standard location.. the logo pops back to main page.. (Score: 13/15)

Color Scheme: Pretty clear.. lots of red.. though that it might make the whole thing pop by having the white border (separating the content from the tiled brick image ) drop a shadow or something.

Over all no thing really wow'ed me with the color scheme. (Score: 7/10)

Total: 33/40


Display/Layout:

Organization: Not too shabby.. pretty rout for a website of this sort of business. (Score: 13/15)

Text Layout: clear.. easy to read.. and seems to follow suit with other retail sites. (Score: 13/15)

Total: 26/30

General:

Language: You might want to clarify if this is "Mspa" or "MSpa" (http://mspacanada.ca/about-us). (Score: 4/5)

Feasiblity: looks pretty ready to go. (Score: 5/5)

Other: Slow.. it seems I am waiting more than I should for the amount of content coming back.
The 'live help' button was covering up the 'my account'.. 'my wishlist' line of text.
(Score:

16/20)

Total 25/30

Total Score: 84/100
Grade: A

There wasn't anything amazing that would have kept me coming back to the site outside of my intitial research and a rare accessory.. Functional and reserved.

[icedd]

Thanks modi for you detailed review.

I will try the drop shadows / white border and clean up the consistency with Mspa vs MSpa. I didnt notice that the chat covers the cart on my large development monitors. Thats no excuse though and bad testing on my part. Will try to address this also.

As for the slow bit, I've noticed that myself. This is my first time using magento, and if anyone can offer some advice or I sight on what to expect in terms of speed with magento, that'd be swell.

Thanks again!
ICEDD

[icedd]

Hey guys,

I took your advice and if you had a moment to take a second peek and see what you think that would be great.

Changes:

1) Display amount was to high, so I chnaged to it max 5. I only have 4 total products anyways. I also changed the defaul list style to list instead of grid. Displays cleaner.

2) The Olark chat system was an odd color and intruding on the "checkout area" on smaller or lower res monitors. I changed this to smokey black color and moved it to the bottom right to be less intrusive. Now, if it does display over the website the cart is still functional (which is obviously more important).

3) I added a drop shadow to the website. It added a better transition from the main website area to the background. Thanks for the suggestion.

4) I cleaned up the "Mspa" and "MSpa". They should now all be consistent with "MSpa"

5) I tried the white bored but it looked really bad, so I stuck with the drop shadow



Firstly thanks for the suggestions and comments. Secondly, if any one has any extra or additional comments, I would be more then happy to hear them.

Thanks in adv,
Icedd

[josiahmahar]

hello again i have looked at your site again and i have noticed the "100% Canadian Owned & Operated" is hard to see. on a side note have you thought about making your moose light advertisement clickable? so people can find it on Facebook easier? i like the changes you have made especially with the live help but is it supposed to change from offline to online every couple of minutes of is that just someone testing it?

anyway off topic your with creative curve media group? if so how have the buskers festivals been? I haven't been to any since i moved out of Nova Scotia

[icedd]

I have just talked to my boss and designer and they want the "100% canadian owned & operated" left that way. They said ti was too in you face when It was darker. Fine with me, I don't claim to be a good designer. I prefer to stick to the coding anyways So that will be left alone.

As for the moose head linking to facebook. Nice catch. I have requested the appropriate link from the client and will link it when I get it.

This is the hard thing about doing web development on your own. Firstly, your looking at the website ALL the time, so you start to dismiss things.. ie the moose head ad not being linked. Which I'm not sure if its just me being sloppy or not. Regardless, it would still be nice to have another developer to work with, to pass around ideas, talk about similar stuff and also to have another developer look over your project for things you've missed. Which is why i send out a big <3 to the DIC community as I will be posting here quite frequently until we get another developer, and even then

The online and offline is determined by the "operator" being online or offline. Uses an email account setup to Gtalk. The secretary is on the other end of the chat system.

On that side note. Busker are pretty good as always and yes, I am with Creative Curve Media Group. Where did you live at in NS, if you don't mind me being nosy.

[josiahmahar]

makes sense you don't want things to be to in your face

Ya web development can be a pain i suck at it but i love doing it. i plan on applying for web site development university classes after i write my GED tests on the 14th.

i lived in a few different places Port Hilford, Sherbrook, New Glasgow, and Dartmouth.

[icedd]

I currently live in the Dartmouth area. Nice place. As for taking "web development" classes... I would say take a minuet and think about what you want out of it. I can only speak for open source coding, (apache, html/css, Javascript - jquery- ajax, php and mysql) but I learned everything I needed to know in about 6 months. I spent another 6 months refining my skills. All with out school. I don't claim to be the best (far from it), but I knew enough after a year to land a web dev position with salary soloing websites. So their are alternativ methods, is all im saying Finding a friend or someone to talk with about coding/ programming really helps with motivation.


On topic how ever. I think I just found out why the website was acting slower then expected... I disabled the cache and forgot to turn it back on. oops. Seems to be running much better now. But still a little slow. Though from what I have read, Magento is a slower system then most.

Now I have the SSL setup on the shopping cart and checkout pages. I also added the FB link from the mooseLight ad. Every thing is ready to go minus the SSL badge at the bottom right that doesn't want to show up for some reason

Thanks alot guys

[josiahmahar]

i use the Apache and MySQL servers i was considering switching from MySQL to Microsoft sql server but decided to stick with MySQL i know basic php, html, and css but i never really got the hang of javascript. as for web development classes i am looking at taking them to help me learn about designing websites since i have nobody to program with where i am and i live in a town of about 1000 people so we don't have much in the way of needing web designers lol but i think we should continue this conversation in a pm so we don't take away from what this topic is for

[xor-logic]

Taking a look at your site and testing some very basic security stuff.

Found a couple things you should fix quickly.

Your subdirectories are not protected. They should be. Look into .htaccess.
I shouldn't be able to see this, for example:
http://www.mspacanad.../default/media/

Also, your search form seems to be vulnerable to SQL injection. You should research that and learn how to prevent it.

Tried bypassing your form validation a couple different ways, but I don't think I succeeded. If I did, you might see some strange users.

That's all I've found at the moment, but if I see anything else, I'll let you know.


EDIT:
I REALLY should not be able to find this.
Again, look into .htaccess

This post has been edited by xor-logic: 14 May 2012 - 02:36 AM

[icedd]

@ xor-logic

I will disable directory browsing in the .htaccess file. This is my first time using Magento and I have been focusing on learning the system and forgetting about things like this apparently "oops". No excuse though, and thank you for taking time out of your day to help me out

I am aware of the concept of "SQL Injections". I do not know what they are (beyond the descriptive name), or how to use them / prevent them. I will do some research today however. I would like to think that it's not vulnerable, seeming as its a very widley used system and the search functions are pre-written, but maybe I'm just being optimistic.

As for the validation, same thing. Pre-written with this template / system. Though im not sure if the system handles the validation or if the template does. My guess would be the frontend is handled by the template maker, and the php validation is handled by the system. I again would like to be optimistic and think that it's secure, though I will certainly check it out. Could you be a little more specific on which form though? I am guessing the register form, since you mentioned wonky users? Or all of them?


What is the problem with being able to reach the back-end login if it's behind username and pass?



Thank for your time and knowledge

This post has been edited by icedd: 14 May 2012 - 06:03 AM

[xor-logic]

I've noticed you've hidden your directories with .htaccess. Good.

As far as whether having your login page be visible, it may not be a problem. It might be perfectly secure.

But as a (potentially hostile) visitor to your site, I don't need to be able to see it, do I? There's really no reason for your admin login page to be visible to me, and when you consider that it might be a point of vulnerability if someone was trying to attack your site, there's actually a pretty good reason to hide it from everyone except those who actually need to be able to access it.

[icedd]

Yes, I have disabled directory listings. I typically do, though I forgot on this project for some reason.

I also spent some time on SEO stuff (not much as the client didn't pay for it). Which works out for me because I am not great with it. I was also having a problems with google listing the same pages but with different URL paths via rewrite prefernces in magento. Which was giving me duplicated content/ descriptions. I have tried to tidy that up a little with the robots.txt file and disallowing some paths.

Quote

Tried bypassing your form validation a couple different ways, but I don't think I succeeded. If I did, you might see some strange users

.

Much to my happiness, no strage users.

Quote

But as a (potentially hostile) visitor to your site, I don't need to be able to see it, do I? There's really no reason for your admin login page to be visible to me, and when you consider that it might be a point of vulnerability if someone was trying to attack your site, there's actually a pretty good reason to hide it from everyone except those who actually need to be able to access it.

I'm not sure how I feel about this. Its sort of double edged to me. In the one hand, I agree. In the sense that only the people who need to be access should know the url. Though I have never had any trouble with it before.

On the other hand, (and let it be known I am talking completely out of my ass here..) I feel as though if some one IS able to and IS determined to get into the site, they will regardless whether I hide the login url or not. If they are skilled enought to bypass security in some manner, then I would imagine they have the skill to find out that url... if they even needed it. Good ol' saying, "Locks only keep out the honest people". I don't know whats involved in this which is why I say I'm talking out of my ass.

I do understand the point of, "why make it easy" though.



I really appreciate you helping me.
If anyone has more suggestions, my ears are always open